Re: Re: Using WinpkFilter to make UDP DPI proxy…

1) According to the above scenario, can I use your WinpkFilter 3.x product to do it?

Sure you can.

2) Can I set a specific device adapter filter so that ONLY UDP packets going to a specific port are grabbed via a ReadPacket() call?

Yes, you can use built-in WinpkFilter filters for this.

3) Can I use the “listen” mode to grab the packets, and signal to DROP bad packets but let the good ones pass through? I really don’t want to have to re-send the good packets to the loopback address or use tunneling mode. I’d like to just drop the bad packets and let things be as normal for the good packets.

No, if you suppose to drop packets you should be filtering in tunnel mode. Listen mode only gives you a copy of the packet while passing the original one.

4) Can I open up multiple device adapter handles and set different filters for them so that simultaneous ReadPacket() calls return different packets based on the different filters?

Yes, you can open multiply adapters and set adapter specific filters.

5) Is there a way to not have to keep calling the ReadPacket() method inside of a loop? Like, set the adapter to execute a callback function when a new packet is on the buffer? This would support an event driven model which is much more efficient on the CPU.

Driver code can’t callback user mode code. If to be precise, you can execute a code in user mode part of the memory, but it can’t be safe (as packets arrive from the network at IRQL_DISPATCH_LEVEL but user mode memory can be paged out) and it also would be a security hole (as user mode code is executed with kernel mode privilege).

6) After reviewing your product documentation, I noticed there is no structure documentation for the Adapter structure that is used commonly throughout your product as an Integer Pointer Handle. You have all the other structures documented, why not this very important one? I figured it must be a common structure in NDIS, but after some research, I’m finding that driver developers start adding their custom fields to it. What is the WinpkFilter structure associated with individual Adapter handles, i.e “_ETH_REQUEST.hAdapterHandle” ?

This is internal WinpkFilter structure and it is not accessible from user mode (it is allocated from kernel memory).Thats why it is opaque.